/**
* @ author StormMaybin
* @ date 2016-12-03
*/
生命不息,奋斗不止!
What’s the Filter
Filter也称之为过滤器,它是Servlet技术中比较激动人心的技术,WEB开发人员通过Filter技术,对web服务器管理的所有web资源:例如Jsp, Servlet, 静态图片文件或静态 html 文件等进行拦截,从而实现一些特殊的功能。例如实现URL级别的权限访问控制、过滤敏感词汇、压缩响应信息等一些高级功能。
如何使用Filter
创建一个Filter类,实现javax.servlet.Filter接口实现doFilter()方法,进行拦截在web.xml中进行配置
package com.yiyexiaoyuan.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/**
* Servlet Filter implementation class TestFilter
*/
public class TestFilter implements Filter
{
/**
* Default constructor.
*/
public TestFilter()
{
}
/**
* @see Filter#destroy()
*/
public void destroy()
{
}
/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
chain.doFilter(request, response);
}
/**
* @see Filter#init(FilterConfig)
*/
public void init(FilterConfig fConfig)
throws ServletException
{
}
}
在web.xml中配置
<filter>
<display-name>TestFilter
</display-name>
<filter-name>TestFilter
</filter-name>
<filter-class>com.yiyexiaoyuan.filter.TestFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>TestFilter
</filter-name>
<url-pattern>/TestFilter
</url-pattern>
</filter-mapping>
应用场景
解决中文乱码的Filter
package com.yiyexiaoyuan.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
/**
* Servlet Filter implementation class PageEncodingFilter
*/
public class PageEncodingFilter implements Filter
{
private String encoding =
"UTF-8";
protected FilterConfig filterConfig;
public void init(FilterConfig filterConfig)
throws ServletException
{
this.filterConfig = filterConfig;
if (filterConfig.getInitParameter(
"encoding") !=
null)
encoding = filterConfig.getInitParameter(
"encoding");
}
public void doFilter(ServletRequest srequset, ServletResponse sresponse,
FilterChain filterChain)
throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) srequset;
request.setCharacterEncoding(encoding);
filterChain.doFilter(srequset, sresponse);
}
public void destroy()
{
this.encoding =
null;
}
}
web.xml配置
<filter>
<display-name>PageEncodingFilter
</display-name>
<filter-name>PageEncodingFilter
</filter-name>
<filter-class>com.yiyexiaoyuan.filter.PageEncodingFilter
</filter-class>
<init-param>
<param-name>encoding
</param-name>
<param-value>UTF-8
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>PageEncodingFilter
</filter-name>
<url-pattern>/servlet/*
</url-pattern>
</filter-mapping>
防止SQL注入Filter实现
package com.yiyexiaoyuan.filter;
import java.io.IOException;
import java.util.Enumeration;
import javax.security.auth.message.callback.PrivateKeyCallback.Request;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
public class SQLFilter implements Filter
{
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException
{
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
Enumeration params = req.getParameterNames();
String sql =
"";
while (params.hasMoreElements())
{
String name = params.nextElement().toString();
String[] value = req.getParameterValues(name);
for (
int i =
0; i < value.length; i++)
{
sql = sql + value[i];
}
}
System.out.println(
"提交方式:"+req.getMethod());
System.out.println(
"被匹配字符串:" + sql);
if (sqlValidate(sql))
{
req.getSession().setAttribute(
"error_message",
"别整这个啊,老实点不好吗?");
throw new RuntimeException(
"恶意代码注入异常");
}
else
{
String request_uri = req.getRequestURI();
System.out.println(request_uri);
chain.doFilter(request, response);
}
}
protected static boolean sqlValidate(String str)
{
str = str.toLowerCase();
String badStr =
"'|and|exec|execute|insert|select|delete|update|count|drop|chr|mid|master|truncate|char|declare|sitename|net user|xp_cmdshell|or|like|;|--|+|,|*|/";
String[] badStrs = badStr.split(
"\\|");
for (
int i =
0; i < badStrs.length; i++)
{
if (str.indexOf(badStrs[i]) != -
1)
{
System.out.println(
"匹配到:" + badStrs[i]);
return true;
}
}
return false;
}
public void init(FilterConfig filterConfig)
throws ServletException
{
}
public void destroy()
{
}
}
web.xml配置
<filter>
<display-name>SQLFilter
</display-name>
<filter-name>SQLFilter
</filter-name>
<filter-class>com.yiyexiaoyuan.filter.SQLFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>SQLFilter
</filter-name>
<url-pattern>/servlet/*
</url-pattern>
</filter-mapping>
<filter>
生命不息,奋斗不止!
转载请注明原文地址: https://ju.6miu.com/read-971488.html